A tool that monitors, analyzes, and troubleshoots your network
The multiple protocols and daemons that accumulate on my system make sorting
through my network painful. To make this task more pleasant, I used Network
Instruments' Observer 5.1, a helpful network-analysis tool. I expected Observer
to be as underpowered as the network troubleshooting programs I've used in the
past. Much to my surprise, Observer delivered on all its promises and helped me
sort through my systems.
Clearing the Clutter
Before reviewing the software, I'll give you background about the server I
ran Observer on. My main server houses two NICs: a 3Com EtherLink III PCI card
and a 3Com EtherLink III ISA card. I use the EtherLink III PCI card as an
adapter for my LAN; I use the ISA card for connecting to my WAN, which, in
turn, connects me to a 2.5Mbps asymmetric digital subscriber line (ADSL) to the
Internet.
The LAN setup is simple: I hooked up a few Windows NT Workstation and Linux
boxes to a Pentium II processor running NT Server. The ADSL link is more
complex. Rather than directly connecting to the Internet, the ADSL router
connects me to another network, which then translates my internal IP address to a live IP. This setup puts
my machines behind a firewall and adds a layer to my Internet connection.
Although this setup sounds convoluted, it's seamless in execution.
This setup complicates Observer's job. Instead of just watching my internal
network activity, the program must monitor all TCP traffic going to and
from my machine. As a demanding reviewer, I expected Observer to sort this
data into easy-to-read columns (so many different types of TCP packets exist
that I cringe at the thought of sorting through them manually). Observer
lived up to my expectations.
Uncovering the Mystery
Installing Observer was easy: I just dropped the CD-ROM into my drive and
clicked Setup. In 5 minutes, the software was ready to go. As I began working
with Observer, the only problem I encountered was the learning curve associated
with using the program. I found Observer's user interface (UI) to be confusing.
After I figured out the subtle nuances of the UI, I put Observer to work.
Using 10Base-T NICs, I ran Observer against a five-station workgroup. Observer
revealed that one of my workstations was causing network collisions. By using
the Station view (an overview of all the systems on the network), I identified
the machine with the faulty hardware. Then I easily solved the problem by
replacing the NIC in that machine.
For Internet monitoring, Observer differentiates between different types of
TCP packets, as Screen 1 shows. Because my server runs a variety of daemons, the
ability to sort through FTP, HTTP, Simple Mail Transfer Protocol (SMTP), and
Post Office Protocol (POP) traffic is a godsend.
Observer's weakness lies in its packet-sniffing mode, which lacks
troubleshooting features (competing packages offer a mode for identifying
potential network problems). However, Observer efficiently displayed the types
of packets my system captures and the number of packets the system drops.
Observer Cleaned House
Observer is a keeper. I can let the program run for a month and then dump
the output into a trend analysis filter to see what's taking place on my
network. Observer includes the useful Ethernet Vital Signs utility (the utility
also works on Token-Ring networks), which reports any errors on the network,
such as cyclic redundancy check (CRC) errors and abnormal-sized packets. And
Observer supports the major network protocols (i.e., IPX, TCP/IP, NetBIOS,
NetBEUI, and AppleTalk), so you can be confident Observer will work on your
existing network.